The present invention relates to methods and apparatus for facilitating secure collaboration between one or more processors in a multi-processing system.
In recent years, there has been an insatiable desire for faster computer processing data throughputs because cutting-edge computer applications are becoming more and more complex, and are placing ever increasing demands on processing systems. Graphics applications are among those that place the highest demands on a processing system because they require such vast numbers of data accesses, data computations, and data manipulations in relatively short periods of time to achieve desirable visual results. Real-time, multimedia applications also place a high demand on processing systems; indeed, they require extremely fast processing speeds, such as many thousands of megabits of data per second.
While some processing systems employ a single processor to achieve fast processing speeds, others are implemented utilizing multi-processor architectures. In multi-processor systems, a plurality of sub-processors can operate in parallel (or at least in concert) to achieve desired processing results. It has also been contemplated to employ a modular structure in a multi-processing system, where the computing modules are accessible over a broadband network (such as the Internet) and the computing modules may be shared among many users. Details regarding this modular structure may be found in U.S. Pat. No. 6,526,491, the entire disclosure of which is hereby incorporated by reference.
A problem arises, however, when a processing system is used over a network or is part of a shared resource. In particular, the processor and its associated hardware, software, data and the like are subject to outside influences such as intentional hacking, viruses and the like. Another problem involves the unauthorized or outright malicious effects that may be introduced by boot software, operating system software, application software, and content (data) that is not authenticated in some way prior to execution. Unfortunately, the conventional process of executing software applications (or other types of digital content) prescribes reading the software from a memory and executing same using a processor. Even if the processing system in which the software is executed employs some type of security feature, the software might be tampered with or may not be authorized for execution in the first place. Thus, any later invoked security measures cannot be fully trusted and may be usurped.
In the multi-processor context, it has been contemplated to have a “secure” processor in the system enter a mode in which no requests initiated by others of the processors for data transfers into or out of the secure processor are serviced, but such transfers initiated by the secure processor are serviced. In this way, the processing environment within the secure processor may be trusted to carry out sensitive operations. While this security approach works well when the processors in the multi-processing system are completely autonomous, problems may arise when one or more of the processors in the system seek to perform oversight or monitoring processes in which data within the secure processor is requested.
For example, in a multi-processing system it may be desirable for one of the processors (e.g., a main processor) to monitor the application program(s) and data being executed on the other processors (sub-processors) in order for the main processor to invoke processing changes. For example, the main processor may want to move tasks from one sub-processor to another sub-processor, to allocate data among the sub-processors, to pause execution of tasks within a sub-processor, etc. This may involve the main processor seeking to obtain data within any local memories, hardware registers, and other components of the sub-processors. If a particular processor is in a secure mode, however, the main processor might not be permitted access to the data and, therefore, as an undesirable consequence the efficacy of the management function of the main processor may be reduced.
Accordingly, there are needs in the art for new methods and apparatus for providing security features in a multi-processing system that permit secure collaborative relationships among the processors.